SYNOPSIS

tpm_createek [OPTION]

DESCRIPTION

tpm_createek creates and Endorsement Key Pair on the TPM (via the TPM_CreateEndorsementKeyPair API). This should rarely be required as the Endorsement Key is normally installed as part of manufacturing. However, you might need to run this command once if commands such as tpm_getpubek are returning error code 35 from the TPM layer.

-h, --help

Display command usage info.

-v, --version

Display command version info.

-l, --log [none|error|info|debug]

Set logging level.

OPTIONS VALID ONLY FOR TPM VERSION 1.2

-r, --revocable

Creates a revocable key pair instead of non-revocable one. Requires secret data (either -g -o or -i - see below). .TP -i, --infile [input file] Specifies the file that contains the secret data used as revoke data do the new revocable EK pair. Only the first 20 bytes of this file are used and the remaining ones are ignored. .TP -g, --generate-secret Generates a random 20 bytes value that is used as the EK pair revocable secret data. Requires -o (see below). .TP -o, --outfile [output file] Specifies the file to write the generated revocable secret data to, for further use.

RELATED TO tpm_createek…

REPORTING BUGS

Report bugs to <[email protected]>